A Morris auditor's laptop was stolen from the auditor's car. The laptop had three spreadsheets with the names and Social Security numbers of Howard employees. Pension plan, 401(k) and profit-sharing account information was also exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
500

September 17, 2006

U.S. Dept. of Education, Direct Loan ServicingGreenville, Texas

GOV

DISC

21,000

A security breach exposed
private information of student loan borrowers from Aug. 20-22 during
a computer software upgrade. Users of the DOE's Direct Loan Web site were
able to view information other than their own if they used certain
options when accessing the program's web pages. SSNs were among the data elements exposed online. Software company Affiliated Computer Services (ACS)
created the technology for the Direct Loan Servicing feature on the
DoE's site.

Information Source:
Dataloss DB

records from this breach used in our total:
21,000

September 18, 2006

DePaul Medical Center, Radiation Therapy DepartmentNorfolk, Virginia

MED

STAT

More than 100 patients

(757) 889-5945

Two computers were stolen,
one on August 28 and the other Sept. 11. Personal data included names,
date of birth, treatment information, and some SSNs.

Information Source:
Dataloss DB

records from this breach used in our total:
100

September 18, 2006

Olean Area Federal Credit UnionOlean, New York

BSF

HACK

11

An unauthorized party managed to obtain financial information from a fraudulent credit union website link. The information included name, address, Credit Union account number, PIN and account password. More clients who live outside of New York may have been affected.

Because of a hole
in the firewall, a City server exposed personal information online
for 7 months. Individuals identified by the Red Light Camera Enforcement
Program are affected -- name, address, driver's license number, vehicle
identification number, and SSNs of those individuals whose driver's
license number is still the SSN.

Student applications for
need-based financial aid were misplaced by a consultant -- in both
paper and digital form. Data included name, SSN, and reported family
income for students and potential students for the 2005-06 academic
year.

Information Source:
Dataloss DB

records from this breach used in our total:
2,093

September 21, 2006

Pima County Health DepartmentTucson, Arizona

GOV

PHYS

2,500
(no SSNs or financial information reported)

Vaccination records on 2,500
clients had been left in the trunk of a car that was stolen Sept.
12. The car and records have since been recovered. Records included
names, dates of birth and ZIP codes, but no SSNs or addresses.

Information Source:
Dataloss DB

records from this breach used in our total:
0

September 21, 2006

U.S. Department of Commerce and Census BureauWashington, District Of Columbia

The agency reported that
1,137 laptops have been lost or stolen since 2001. Of those, 672 were
used by the Census Bureau, with 246 of those containing personal data.
Secretary Gutierrez said the computers had protections to prevent
a breach of personal information.

Information Source:
Media

records from this breach used in our total:
0

September 22, 2006

Purdue University College of ScienceWest Lafayette, Indiana

EDU

STAT

2,482

(866) 307-8520

A file in a desktop computer
in the Chemistry Department may have been accessed illegitimately.
The file contained names, SSNs, school, major, and e-mail addresses
of people who were students in 2000.

Information Source:
Dataloss DB

records from this breach used in our total:
2,482

September 22, 2006

University of Colorado, Boulder, Leeds School of BusinessBoulder, Colorado

EDU

STAT

1,372 students and former
students

(303) 492-8741

Two computers had been placed
in storage during the school's move to temporary quarters in May.
When they were to be retrieved Aug. 28, they were found missing. They
had been used by 2 faculty members and included students' names, SSNs,
and grades.

UPDATE
(9/25/06): One of the computers was found.

Information Source:
Dataloss DB

records from this breach used in our total:
1,372

September 22, 2006

Several Indianapolis pharmaciesIndianapolis, Indiana

MED

PHYS

Unknown

Earlier this year a local
TV reporter from WTHR found that dozens of pharmacies
disposed of customer records in unsecured garbage bins. Now the Indiana
Board of Pharmacy has launched an investigation of 30 pharmacies.
Both the Board and the Attorney General say that the pharmacies violated
state law.

Information Source:
Media

records from this breach used in our total:
0

September 23, 2006

Erlanger Health SystemChattanooga, Tennessee

MED

PORT

4,150 current and former
employees

Records of hospital employees
disappeared from a locked office on Sept. 15. They were stored on
a USB jump drive. Information was limited to names and
SSNs. Those affected included anyone who went through job status
changes from Nov. 2003 to Sept. 2006.

Information Source:
Dataloss DB

records from this breach used in our total:
4,150

September 23, 2006

North Fork BankMelville, New York

BSF

HACK

3,570

On the morning of July 31, criminals altered a link on the Personal Banking page of NorthForkBank.com that was designed to take visitors to the My NFB Online sign-on page and redirected them to a counterfeit website. The counterfeit website requested sensitive customer information, although it appears that the counterfeit website may not have functioned as intended. The altered link was identified and repaired within three hours and the hacker's access was terminated.

Information Source:
Dataloss DB

records from this breach used in our total:
3,570

September 25, 2006

Movie Gallery USGastonia, North Carolina

BSR

PHYS

3,800

A large number of Movie
Gallery's files and videos were found in a dumpster. The files contained
personal information of people employed by Movie Gallery and people
applying for jobs at the video store as well as people applying
for movie rental membership. Movie Gallery has agreed
to pay $50,000 to the State of NC for the breach.

Information Source:
Dataloss DB

records from this breach used in our total:
3,800

September 25, 2006

General Electric (GE) Fairfield, Connecticut

BSO

PORT

50,000 employees

An employee's laptop computer
holding the names and Social Security numbers of approximately 50,000
current and former GE employees was stolen from a locked hotel room
while he was traveling for business.

Information Source:
Dataloss DB

records from this breach used in our total:
50,000

September 27, 2006

New York Life Insurance CompanyBoston, Massachusetts

BSF

STAT

Unknown

A life insurance agent reported that two desktops were stolen from his office. Customer names, Social Security numbers, addresses, dates of birth and policy numbers may have been exposed. An unspecified number of customers nationwide were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
0

September 28, 2006

North Carolina Department of Motor VehiclesLouisville, North Carolina

GOV

STAT

16,000

(888) 495-5568

A computer was stolen
from a NC Dept. of Motor Vehicles office, reported Sept. 10. It
contains names, addresses, driver's license numbers, SSNs, and in
some cases immigration visa information of 16,000 people who have
been issued licenses in the past 18 months. Most are residents of
Franklin County.

Information Source:
Dataloss DB

records from this breach used in our total:
16,000

September 28, 2006

Illinois Department of Transportation (IDOT)Springfield, Illinois

GOV

PHYS

40

Documents found by state
auditors in recycling bins in a hallway contained IDOT employee
names and SSNs.

A manager for the hospital's
billing company, Med Data, stole patients' credit card numbers. She
gave them to her brother who bought $30,000 worth of clothes and gift
cards over the Internet. The woman is scheduled for sentencing in
Nov. and her brother's trial is expected Jan. 2007.

Information Source:
Dataloss DB

records from this breach used in our total:
30

September 28, 2006

New York State Banking DepartmentNew York, New York

BSF

DISC

19,640

During the routine process of indexing the search engine of the Department's website, data files from the 2005 Volume of Operations Reports were inadvertently made accessible to members of the public between July 27 and August 29. Personal information included the Social Security numbers of all independent contractors employed by both licensed mortgage bankers and registered mortgage brokers. Social Security numbers of all felons employed by those registrants who also opted to electronically failed their 2005 VOO reports were also available through the Department's website search engine.

Information Source:
Dataloss DB

records from this breach used in our total:
19,640

September 29, 2006

University of Iowa Department of PsychologyIowa City, Iowa

EDU

HACK

14,500

A computer containing SSNs
of 14,500 psychology department research study subjects was the object
of an automated attack designed to store pirated video files for subsequent
distribution.

Information Source:
Dataloss DB

records from this breach used in our total:
14,500

September 29, 2006

Kentucky Personnel Cabinet via Bluegrass MailingFrankfort, Kentucky

GOV

DISC

146,000

State employees received
letters from the Kentucky Personnel Cabinet with their SSNs visible
through the envelope windows.

A laptop computer was stolen from the home of an employee on or around May 23. This laptop contained claimants' names, Social Security numbers and addresses. Nationwide Agribusiness learned of the theft in early September and began the process of developing a privacy and security awareness package for all employees.

Information Source:
Dataloss DB

records from this breach used in our total:
306

October 2, 2006

Port of Seattle, Seattle-Tacoma Airport (Sea-Tac)Seattle, Washington

GOV

PORT

6,939 current and
former Seattle-Tacoma International Airport employees

Six CDs missing from
the ID Badging office at Seattle-Tacoma International Airport hold
the personal information of 6,939 airport workers. The data include
names, addresses, birth dates, SSNs and driver's license numbers,
telephone numbers, employer information, and height/weight. The
data on the disks were scanned from paper applications for airport
badges. The port learned of the missing disks on September 18 and
sent letters to the affected employees on Oct. 2.

Information Source:
Dataloss DB

records from this breach used in our total:
6,939

October 2, 2006

CitigroupChicago, Illinois

BSF

PORT

11

An employee from a Pennsylvania branch reported a missing laptop after a flight. It is believed that the laptop may have been stolen from the employee's luggage after the bags were checked-in for a flight from Chicago to Philadelphia sometime around August 26. At least 11 New York residents and an unknown number of clients nationwide may have had their names, Social Security numbers, addresses and other information exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
11

October 3, 2006

Cumberland CountyCarlisle, Pennsylvania

GOV

DISC

1,200 employees of the
county

Cumberland County (PA)
officials removed salary board meeting minutes from their Web site
because they contained the SSNs of 1,200 county employees. The information
was included in minutes from meetings prior to 2000. The county
no longer uses SSNs as unique identifiers for employees. Employees
will be informed of the data breach in a note included with their
paychecks.

Information Source:
Dataloss DB

records from this breach used in our total:
1,200

October 3, 2006

Willamette Educational Service District (ESD)Salem, Oregon

EDU

STAT

4,500 Oregon high school students [not included in total because not thought to contain sensitive info. such as SSNs]

Seven computers stolen from a Willamette Educational Service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.

Information Source:
Media

records from this breach used in our total:
0

October 3, 2006

Picatinny ArsenalRockaway, New Jersey

GOV

UNKN

Unknown

If you have tips, call (973) 989-0652

28 computers are missing
from the Picatinny Arsenal, a Department of Defense Weapons Research
Center. The computers were reported lost or stolen over the last two
years. None of the computers was encrypted. Officials state the computers
did not contain classified information.

Information Source:
Media

records from this breach used in our total:
0

October 3, 2006

Western Financial Services Inc.Englewood, Colorado

BSF

PORT

43

A laptop lost during shipping contained names, Social Security numbers, driver's license numbers and addresses. The laptop was first discovered missing on or sometime before August 31. At least 43 New York residents were affected, but the number of affected customers nationwide was not reported. Affected individuals were notified on October 4.

Information Source:
Dataloss DB

records from this breach used in our total:
43

October 4, 2006

Orange County ControllerOrlando, Florida

GOV

DISC

Unknown

A Florida woman discovered
her marriage license was visible on the Orange County (FL) controller's
Web site with no information blacked out, not even SSNs. She discovered
the breach because someone had applied for a loan in her name. The
Orange County Comptroller is reportedly paying a vendor $500,000 to
black out all SSNs by January 2008.

Information Source:
Media

records from this breach used in our total:
0

October 5, 2006

San Juan Capistrano Unified School District (CA) San Juan Capistrano, California

EDU

STAT

Unknown

Five computers stolen from
the HQ of San Juan Capistrano Unified School District likely contain
the names, SSNs and dates of birth of district employees enrolled
in an insurance program.

Information Source:
Dataloss DB

records from this breach used in our total:
0

October 5, 2006

Homecoming Financial Network Inc.Minneapolis, Minnesota

BSF

DISC

988

On September 9, a web-based tool for mortgage brokers was released that allowed brokers to view all loan applications submitted by all other brokers. The information included names, Social Security numbers and addresses. The flaw was discovered and fixed the next day.

Information Source:
Dataloss DB

records from this breach used in our total:
988

October 6, 2006

Cleveland Air Route Traffic Control CenterOberlin, Ohio

GOV

STAT

400

A computer hard drive missing
from the Cleveland Air Route Traffic Control Center in Oberlin (OH)
contains the names and SSNs of at least 400 air traffic controllers.

A laptop containing personal information of employees was stolen from a hotel room on September 13. The information included name, Social Security number, date of birth, address, date of hire, occupation, salary, supplemental insurance information, and identified the type and tier of medical and/or dental coverage.

Information Source:
Dataloss DB

records from this breach used in our total:
0

October 9, 2006

Troy Athens High SchoolTroy, Michigan

EDU

PORT

4,400

For questions or comments, call (248) 823-4035

A hard drive stolen from
Troy Athens High School in August contained transcripts, test scores,
addresses and SSNs of students from the graduating classes of 1994
to 2004. The school district and the superintendent have notified
all affected alumni by regular mail.

Information Source:
Dataloss DB

records from this breach used in our total:
4,400

October 9, 2006

Atlantis Plastic Inc.Atlanta, Georgia

BSR

PORT

720

A laptop was stolen from Atlantis' accounting firm on October 5. The laptop contained personal information for 720 participants in the Atlantis 401(k) plan. Names, Social Security numbers, dates of birth, addresses and 401(k) account balance information may have been exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
720

October 10, 2006

Florida Labor DepartmentTallahassee, Florida

GOV

DISC

4,624

The names and SSNs of 4,624
Floridians were accessible on the Internet for approximately 18 days
in September. The data were not accessible through websites, but
an individual came across the information when Googling his own name.
The agency has asked Google to remove the pages from its cache, and
has notified all affected individuals by mail. Individuals who had registered with Florida 's Agency for Workforce Innovation were affected.

The Republican National
Committee (RNC) inadvertently emailed a list of donors' names, SSNs
and races to a New York Sun reporter.

Information Source:
Dataloss DB

records from this breach used in our total:
76

October 11, 2006

DirecTV, Deloitte and Touche LLCEl Segundo, California

BSR

PORT

55

A laptop containing the names and Social Security numbers of some current and former DirecTV employees was stolen during a home burglary of a Deloitte and Touche LLP employee. The theft occurred sometime in August. Deloitte and Touche performs audits of The DirecTV Group's pension plans.

Information Source:
Dataloss DB

records from this breach used in our total:
55

October 12, 2006

U.S. Census Bureau Washington, District Of Columbia

GOV

PORT

Unknown

Additional location: Travis
Co., TX

This spring, residents
of Travis County, TX helped the Census Bureau test new equipment.
When the test period ended, 15 devices were unaccounted for. The
Census Bureau and the Commerce Department issued a press release
saying the devices held names, addresses and birthdates, but not
income or SSNs.

Information Source:
Media

records from this breach used in our total:
0

October 12, 2006

Congressional Budget OfficeWashington, District Of Columbia

GOV

HACK

Unknown

Hackers broke into the Congressional
Budget Office's mailing list and sent a phishing e-mail that
appeared to come from the CBO.

Two computers stolen
from a University of Texas faculty member's home hold the names,
SSNs, grades, e-mail addresses and other information belonging to
approximately 2,500 students enrolled in computer science and engineering
classes between fall 2000 and fall 2006. The theft occurred on September
29 and was reported on October 2.

Information Source:
Dataloss DB

records from this breach used in our total:
2,500

October 12, 2006

Sears Holding CorporationWinter Park, Florida

BSF

PORT

Unknown

A laptop was stolen from the office on September 28. Certain customers had their information on an access database file that was on the laptop. Names, telephone numbers, addresses, account number, account types and account expiration dates were exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
0

October 13, 2006

Ohio Ethics CommissionColumbus, Ohio

GOV

PHYS

Unknown

Papers belonging to the
Ohio Ethics Commission were found floating on the wind in an alley.
The documents are related to state employees' finances and contained
SSNs and financial statements. They were supposed to be in the possession
of the state archives.

Information Source:
Dataloss DB

records from this breach used in our total:
0

October 14, 2006

T-Mobile USA Inc.Bellvue, Washington

BSO

PORT

43,000 current and former
employees

A laptop computer holding
personally identifiable information of approximately 43,000 current
and former T-Mobile employees disappeared from a T-Mobile employee's
checked luggage. T-Mobile has reportedly sent letters to all those
affected. The data are believed to include names, addresses, SSNs,
dates of birth and compensation information.

Information Source:
Dataloss DB

records from this breach used in our total:
43,000

October 14, 2006

CBA Information Solutions, Washington Savings BankBowle, Maryland

BSF

UNKN

Unknown

An unauthorized user gained access to the log in information of Washington Savings Bank. The unauthorized user could have accessed customer and non-customer names, Social Security numbers, addresses and credit histories. The breach occurred between September 15 and September 21. At least 20 New York residents were affected, but the nationwide total was not reported.

Information Source:
Dataloss DB

records from this breach used in our total:
0

October 15, 2006

Poulsbo Department of LicensingPoulsbo, Washington

GOV

PORT

2,200

An unspecified “storage
device” containing personally identifiable data of approximately 2,200
North Kitsap (WA) residents has been lost from the Poulsbo Department
of Licensing. The data include names, addresses, photographs and driver's
license numbers of individuals who conducted transactions at the Poulsbo
branch in late September.

Information Source:
Media

records from this breach used in our total:
2,200

Breach Total

816,044,756 RECORDS BREACHED(Please see explanation about this total.)from 4,506 DATA BREACHES made public since 2005